CVE-2012-5949 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3 and 8 allow remote attackers to inject content and conduct phishing attacks via vectors involving (1) the html/en/default/ directory (2) birt/frameset (3) WebProcess.srv (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp or (5) a/html/en/default/om2/omObjectFinder.jsp.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21628851 http://www-01.ibm.com/support/docview.wss?uid=swg21628852 https://exchange.xforce.ibmcloud.com/vulnerabilities/80629